ID theft: How criminals get your information, and how they use it

Tuesday

Sep 18, 2012 at 12:01 AM

You open your credit card statement and see a charge you never made. It could be the credit card company simply made an error — or you could be a victim of identity theft. Bells should immediately go off in your head, according to Federal Trade Commission Bureau of Consumer Protection, Washington, D.C.

Amy Leap

You open your credit card statement and see a charge you never made.

Bells should immediately go off in your head, according to Federal Trade Commission Bureau of Consumer Protection, Washington, D.C.

It could be the credit card company simply made an error — or you could be a victim of identity theft.

"Identity theft happens when someone steals your personal information and uses it without your permission. It is a serious crime, and when it happens, it will destroy your finances, credit history and reputation, and can take time, money and patience to get it straightened out," said Nils Frederiksen, director of communications for the Pennsylvania Office of Attorney General, Harrisburg.

Once identity thieves have your personal information, they can drain your bank account, run up charges on your credit cards, open new utility accounts or get medical treatment on your health insurance.

"When someone has all your personal information, they can even file a tax return in your name and get your refund," said Pam Banks, Consumer Union policy advocate, Yonkers, N.Y.

Identity thieves have even used their victim's name during a police arrest, she said.

Identity thieves are resourceful and use several ways to get personal information.

Thieves are not above Dumpster diving or rummaging through garbage, businesses trash or even the public garbage, Banks said.

Being too casual with personal information, rather than destroying things such as credit card offers that come in the mail, and emailing sensitive documents without encrypting them — controlling who can see the files — is a common mistake people make, said Erin Baehr, a financial adviser at Baehr Family Financial, Stroudsburg.

"Using your credit card online, without knowing if the website is secure, is another mistake people make," she said.

Identity thieves may also introduce themselves as an employee representing a legitimate company and sometimes actually do work for the company, but they are dishonest, said Jeff Fox, senior project editor for Consumer Reports.

Most people know not to respond when they receive an email that appears to be their bank or other financial institution asking for personal bank information, passwords or account numbers.

The same thing is true if someone calls on the phone and asks you for that information.

"A legitimate bank or credit card company would never ask you for information, but the criminals are getting very good at creating authentic websites by copying and pasting logos," he said.

Fox doesn't recommend using a wireless device such as your phone, laptop or electronic pad in a public place to do your banking or any other transaction where personal and sensitive information is used.

"Thieves use what is called a packet sniffer to get your information," he said.

Basically, the thief sits in a free Wi-Fi, public area with a small piece of computer hardware that intercepts and logs small packets of information passing over the digital network.

As your data streams across the network, the sniffer captures each packet and decodes the packet's raw data.

"If you are doing your banking, the thief now has all the information needed to get into your account," Fox said.

As soon as you realize your identity has been stolen, there are immediate steps you need to take, Banks said.

First, you need to file an initial fraud report with the three major credit bureaus — Experian, TransUnion and Equifax — asking them to put a credit freeze on your account, she said.

"Make sure to follow up with credit agencies to make sure the credit freeze is actually put on your report," she said.

This means no new credit cards or bank accounts can be opened in your name, Banks said.

"This will keep anyone from opening new accounts with your stolen information," she said. "You also need to close the accounts that you have open."

"The Pennsylvania Office of Attorney General has several good links that will walk the victim through the process of what to do," Frederiksen said.

The initial fraud alert stays on your accounts for 90 days and then you must renew it, according to the Pennsylvania Office of Attorney General.

Check your credit report from each agency yearly.

"Rotate so you are requesting one every four months," Baehr said.

You should also use one specific card, with a low credit limit, for online purchases. It may stop a large fraudulent purchase, she said.

Make sure to monitor your children's use of your financial information.

"If you allow your teen to use your card to purchase something online, check out the site yourself," Baehr said.

She said that teens often won't know that a site is not secure.

Fox suggests changing passwords and pins every few months and never use the same password for every account.

"Make the password something that isn't obvious. You would be surprised how many people pick their birth date, children's birth date or street address," he said.

Fox also cautions: "Watch the social media websites."

"Facebook is one of the worst when it comes to security. Make your information only available to friends and never choose the friends of friends options. When you do, you are making your personal information available to thousands of people you don't know," he said.

Never miss a story

Choose the plan that's right for you.
Digital access or digital and print delivery.